Macs, Modularity and More

Flash in the pan

Our future work with Flash on mobile devices will be focused on enabling Flash developers to package native apps with Adobe AIR for all the major app stores. We will no longer adapt Flash Player for mobile devices to new browser, OS version or device configurations. Some of our source code licensees may opt to continue working on and releasing their own implementations. We will continue to support the current Android and PlayBook configurations with critical bug fixes and security updates.

This doesn't mean that Adobe is out of the Flash business entirely, but it does mean that adverts and other interactive content intended for viewing on mobile devices will gradually be transitioned over to HTML5. It also signifies an increase in their HTML5 generation tools, which is ultimately Adobe's income stream from Flash.

Whether Google keeps supporting Flash for Android or not remains to be seen; and if Android stops supporting it, theni t's quite likely that it will be dead in the water. I suspect that it will continue to live on in the next Android and Windows release, but probably the subsequent one it's unlikely to happen.

JavaScript is the new bytecode

Instead, HTML5 is being seen as the new application runtime. Long predicted by Jobs, the advantage of an open runtime is that multiple companies can compete on providing the most efficient experience, whilst disassociating it from the content creation experience. Various toolkits already exist (JQueryMobile, JQueryTouch) but higher level drag-and-drop applications are still missing in action. Some systems – like GWT – compile down to JavaScript, and this may be an avenue taken by others (e.g. Dart, CoffeeScript) to give a better runtime.

However, JavaScript isn't a pleasant language to write in. Not from a syntax perspective, but from the quirks that the language gives you; for example, you can't assume that !!a is the same as a, and if you miss out on a var then serious bugs can be introduced.

Adobe already had some HTML5 generation tools available, and I expect that these will take a greater focus in the future. Even though Flash will still be supported for the desktop, mobile devices will need HTML5 and conveniently this will also run on desktops as well.

Security

Outdated software is the key reason for security exploits. Some may argue Flash as being the biggest carrier of such exploits; but in reality, any system may have remotely exploitable bugs if it's not kept up-to-date. Flash doesn't help, in that it requires Administrator privileges on Windows and OSX in order to update itself, which means the 'check for updates' frequently doesn't unless you happen to follow bad practices.

It's also worth remembering that browsers themselves (or the libraries that they depend on) form a huge attack surface. As browsers have got more complicated – especially introducing direct memory manipulation processes such as WebGL – the likelihood is that these runtimes will become the new security concerns in the future. But unlike Flash, these can't be disabled by removing a plug-in; it's there whether you like it or not.

One of the most recent examples is the latest WebKit hack on an iPhone device. By working with the JIT compiler for JavaScript performance improvements, Charlie Miller was able to download and execute rogue code through a specially developed (native) iOS application.

Summary

Mobile flash going away is a win for everyone. It promised much and delivered poor-to-average performance for the platforms it was available on. The fact that it remains a key way of distributing videos will slowly fade away with the adoption of the HTML5 video tag; in any case, many assets are already available in the standard H.264 codec, which is supported in all of the major browsers. (Firefox is no longer considered a major browser; thanks to its recent breaking upgrade policy of throwing new bits over the wall every month, it has become a joke in the browsing world.)

Whilst Adobe may be trimming down the size of its workforce and refocussing efforts, those efforts were probably always better placed in the content creation rather than content runtime tools. Unfortunately, this means an increased likelihood of seeing adverts (which cannot be blocked through plug-in filters alone) on both mobile and desktop browsers.